Detecting illicit leakage of information in operating systems *

In this paper we investigate the illicit means of leaking sensitive or private information in operating systems. The leakage cannot be eliminated either by the use of access control and authentication mechanisms or by administrative measures since unauthorized access need not be attempted. In order to resolve the problem, we designed an audit system which is able to detect the illicit leakage of information. This audit system consists of two major components: an enhanced audit-collection mechanism and an audit-analysis tool.